Title
Secure Cryptography Infrastructures in the Cloud
Abstract
Information systems are deployed in clouds as virtual machines (VMs) for better agility, elasticity and reliability. It is necessary to safekeep their cryptographic keys, e.g., the private keys used in TLS and SSH, against various attacks. However, existing virtualization solutions do not improve the cryptography facilities of in-cloud systems. This paper presents SECRIN, a secure cryptography infrastructure for VMs in the cloud. SECRIN is composed of a) virtual cryptographic devices implemented in VM monitors (VMMs), and b) a device management tool integrated in the virtualization management system. A virtual device receives requests from VMs, computes with cryptographic keys within the VMM and returns results. The keys appear only in the VMM's memory space, so that they are kept secret even if the VMs were compromised. With the management tool, the operator of virtualization management systems assigns virtual cryptographic devices to a VM as well as other resources, while the tenant (or owner) of a VM still holds proper controls on the keys. The virtual devices work compatibly with live migration, and the cryptographic computations are not interrupted when the VMs are moving from one host to another. We develop the SECRIN prototype with KVM-QEMU and oVirt. Experimental results show that it works compatibly with existing virtualization solutions, provides reliable cryptographic computing services for applications, and is secure against attacks happening in VMs.
Year
2019
DOI
10.1109/GLOBECOM38437.2019.9014033
Venue
IEEE Global Communications Conference
Field
Computer science, Cryptography, Computer network, Cloud computing
DocType
Conference
ISSN
2334-0983
Citations
0
PageRank
0.34
References
0
Authors
7
Name             Order   Citations   PageRank
Dawei Chu        1       0           0.68
Kaijie Zhu       2       0           0.34
Quanwei Cai      3       0           1.69
Jingqiang Lin    4       166         39.01
Fengjun Li       5       233         23.55
Guan Le          6       38          10.01
Lingchen Zhang   7       15          4.88